diff --git a/configure.ac b/configure.ac index 4d57f0f90..99970f65d 100644 --- a/configure.ac +++ b/configure.ac @@ -266,7 +266,7 @@ AC_ARG_ENABLE([tls13-draft18], ) if test "$ENABLED_TLS13_DRAFT18" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS" fi @@ -278,7 +278,7 @@ AC_ARG_ENABLE([tls13-draft22], ) if test "$ENABLED_TLS13_DRAFT22" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS" fi @@ -290,7 +290,7 @@ AC_ARG_ENABLE([tls13-draft23], ) if test "$ENABLED_TLS13_DRAFT23" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS" fi @@ -302,7 +302,19 @@ AC_ARG_ENABLE([tls13-draft26], ) if test "$ENABLED_TLS13_DRAFT26" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS" +fi + + +# TLS v1.3 Draft 28 +AC_ARG_ENABLE([tls13-draft28], + [AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])], + [ ENABLED_TLS13_DRAFT28=$enableval ], + [ ENABLED_TLS13_DRAFT28=no ] + ) +if test "$ENABLED_TLS13_DRAFT28" = "yes" +then + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS" fi @@ -313,7 +325,7 @@ AC_ARG_ENABLE([tls13], [ ENABLED_TLS13=no ] ) -if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" +if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes" then ENABLED_TLS13="yes" fi @@ -4544,6 +4556,7 @@ echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18" echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22" echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23" echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26" +echo " * TLS v1.3 Draft 28: $ENABLED_TLS13_DRAFT28" echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH" echo " * Early Data: $ENABLED_TLS13_EARLY_DATA" echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE" diff --git a/src/internal.c b/src/internal.c index d2b932619..d353bd820 100644 --- a/src/internal.c +++ b/src/internal.c @@ -16813,7 +16813,7 @@ exit_dpk: int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv) { #ifdef WOLFSSL_TLS13 - #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT /* TODO: [TLS13] Remove this. * Translate the draft TLS v1.3 version to final version. */ diff --git a/src/ssl.c b/src/ssl.c index 16bae5005..c7600c8c6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15520,7 +15520,7 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : /* TODO: [TLS13] Remove draft versions. */ - #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT #ifdef WOLFSSL_TLS13_DRAFT_18 return "TLSv1.3 (Draft 18)"; #elif defined(WOLFSSL_TLS13_DRAFT_22) diff --git a/src/tls.c b/src/tls.c index fcd864e50..32b1084aa 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5231,7 +5231,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, *(output++) = (byte)(cnt * OPAQUE16_LEN); for (i = 0; i < cnt; i++) { -#ifndef WOLFSSL_TLS13_FINAL +#ifdef WOLFSSL_TLS13_DRAFT /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ if (pv.minor - i == TLSv1_3_MINOR) { /* The TLS draft major number. */ @@ -5250,7 +5250,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, } #ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { output[0] = TLS_DRAFT_MAJOR; @@ -5307,7 +5307,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, major = input[i]; minor = input[i + OPAQUE8_LEN]; -#ifndef WOLFSSL_TLS13_FINAL +#ifdef WOLFSSL_TLS13_DRAFT /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { major = SSLv3_MAJOR; @@ -5362,7 +5362,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, major = input[0]; minor = input[OPAQUE8_LEN]; - #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { major = SSLv3_MAJOR; diff --git a/src/tls13.c b/src/tls13.c index 179a932a9..7a1b83174 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1416,6 +1416,7 @@ static void AddTls13RecordHeader(byte* output, word32 length, byte type, #ifdef WOLFSSL_TLS13_DRAFT_18 rl->pvMinor = TLSv1_MINOR; #else + /* NOTE: May be TLSv1_MINOR when sending first ClientHello. */ rl->pvMinor = TLSv1_2_MINOR; #endif c16toa((word16)length, rl->length); @@ -3704,12 +3705,12 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; /* TODO: [TLS13] Change to ssl->version.major and minor once final. */ - #ifdef WOLFSSL_TLS13_FINAL - hrr[hrrIdx++] = ssl->version.major; - hrr[hrrIdx++] = ssl->version.minor; - #else + #ifdef WOLFSSL_TLS13_DRAFT hrr[hrrIdx++] = TLS_DRAFT_MAJOR; hrr[hrrIdx++] = TLS_DRAFT_MINOR; + #else + hrr[hrrIdx++] = ssl->version.major; + hrr[hrrIdx++] = ssl->version.minor; #endif #endif /* Mandatory Cookie Extension */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index d456220cc..36f352191 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1121,7 +1121,7 @@ enum Misc { TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ -#ifndef WOLFSSL_TLS13_FINAL +#ifdef WOLFSSL_TLS13_DRAFT TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ #ifdef WOLFSSL_TLS13_DRAFT_18 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */